mirai | e39b59d495995ac656233ec1ce8086ed7bc446cf37afa334b6e03994b4dc6130 | Triage

Sharing

General

Target

boatnet.mips.elf
Size

23KB
Sample

230428-lvhb6sfb4v
MD5

3250686efc57237ccff56492e9d6a152
SHA1

058d77f26576409cf397455e29756f539d73465d
SHA256

e39b59d495995ac656233ec1ce8086ed7bc446cf37afa334b6e03994b4dc6130
SHA512

b6d19f5a248b189468e83d776fec46d6808870299f3c4e574e668465a76b253bbb2e7b7eb790ee759988806c8bc48a29dfcb2f8588f1f842e315c5120ecb3f80
SSDEEP

384:teD8ZSH2LLZUYyGZbsOiTTVrm/AUcRdjoFEBaFFD4Q7ermdrJgGlzDpH7uNj1JA+:teD8ZSWvZHZbs1Txm+jbBa3D4Q7uirJk

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  boatnet.mips.elf
- Size
  
  23KB
- MD5
  
  3250686efc57237ccff56492e9d6a152
- SHA1
  
  058d77f26576409cf397455e29756f539d73465d
- SHA256
  
  e39b59d495995ac656233ec1ce8086ed7bc446cf37afa334b6e03994b4dc6130
- SHA512
  
  b6d19f5a248b189468e83d776fec46d6808870299f3c4e574e668465a76b253bbb2e7b7eb790ee759988806c8bc48a29dfcb2f8588f1f842e315c5120ecb3f80
- SSDEEP
  
  384:teD8ZSH2LLZUYyGZbsOiTTVrm/AUcRdjoFEBaFFD4Q7ermdrJgGlzDpH7uNj1JA+:teD8ZSWvZHZbs1Txm+jbBa3D4Q7uirJk
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet